TaxClaw

v0.1.1

Extract, store, and export tax documents (W-2, 1099-DA, all 1099 variants, K-1) using AI. Local-first — your documents never leave your machine. Web UI at lo...

by Doug Butdorf (@dougbutdorf)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill's name/description (local-first tax document extraction) matches the code and runtime requirements. It legitimately needs Python, PyMuPDF (pymupdf), a web server (FastAPI/uvicorn), and optional local/remote LLM backends. Minor mismatch: registry metadata labelled this as 'instruction-only', but the package actually includes a full codebase and a setup.sh that installs dependencies — so this is more than a pure docs-only skill.
Instruction Scope
SKILL.md and the code limit actions to reading user-supplied uploads, storing data under ~/.local/share/taxclaw, reading/writing ~/.config/taxclaw/config.yaml, and optionally calling a cloud AI if the user enables cloud mode. Prompts explicitly treat document text as untrusted. There are no instructions to read arbitrary system files or phone home by default.
Install Mechanism
There is no registry-level install spec, but the provided setup.sh creates a virtualenv and pip-installs requirements.txt (PyPI). Installing packages from PyPI is typical but does pull third-party packages (anthropic, ollama, etc.) onto disk. This is moderate risk compared with an instruction-only skill; review requirements.txt and optionally inspect package sources before running setup.sh.
Credentials
No required env vars are declared for normal local operation. The code will read ANTHROPIC_API_KEY (env) if cloud mode is used — this is expected and documented as opt-in. No unrelated credentials or unrelated system config paths are requested.
Persistence & Privilege
The skill stores data locally (config in ~/.config/taxclaw and data in ~/.local/share/taxclaw) and creates a virtualenv under the skill folder; it does not demand permanent always-inclusion or elevated system privileges. always: false and agent-autonomy defaults are normal.
Assessment
TaxClaw appears internally consistent with its claim to be a local-first tax document extractor. Before installing: (1) Review setup.sh and requirements.txt — setup will create a venv and pip-install packages from PyPI. (2) Confirm you are happy with local storage at ~/.local/share/taxclaw and ~/.config/taxclaw (these will contain sensitive extracted data). (3) Keep cloud mode disabled unless you intentionally set cloud_api_key / ANTHROPIC_API_KEY and set privacy_acknowledged in config.yaml — cloud mode will send excerpts to Anthropic. (4) Optionally inspect the included source (or the GitHub repo referenced in SKILL.md) if you want to audit network/IO behavior before running setup.sh. Overall this skill is coherent and behaves as described, but installing software and dependencies always carries the usual supply-chain and local-data risks.

Like a lobster shell, security has layers — review code before you run it.

latestvk979mx7cp795j3yds99zh0tmk581q2mk
